w3c / webappsec-credential-management

WebAppSec Credential Management
https://w3c.github.io/webappsec-credential-management/

Reaction/recheck to non-fully active documents #227

Open marcoscaceres opened 8 months ago

marcoscaceres commented 8 months ago

Seems we might be missing a couple of fully active checks on .get(), .store(), .create() and store().

That is, is there a case for stealing a reference from an iframe's navigator.credential to attempt to use the API? (I don't imagine there is)

```js
const iframe = document.querySelector("iframe");
const { credentials } = iframe.contentWindow.navigator;
iframe.remove(); // no longer fully active..

await credentials.get(someCredential); // probably reject with NotAllowedError
```

marcoscaceres commented 8 months ago

We might also want to deal with what happens when a credential UI is shown and the underlying document becomes non-fully-active (i.e., probably want to tear down any UI and AbortError promises or something).

marcoscaceres commented 8 months ago

We probably need to add a promise reaction here too... to clear the active credential type.

marcoscaceres commented 6 months ago

Reopening so we can add the reactions.
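
The three points raised in this thread (a fully active check on entry, aborting when the document becomes non-fully-active while credential UI is showing, and a promise reaction that clears the active credential type) can be modelled outside a browser. This is an added example, not code from the thread or text from the specification: `ModelDocument`, `ModelCredentials`, `detach()` and the `mediator` callback are hypothetical stand-ins, and the error names are the ones suggested in the comments above.

```javascript
// Added model, not spec text or browser code. ModelDocument, ModelCredentials
// and the mediator callback are hypothetical stand-ins that run without a DOM.
const domError = (name, msg) => Object.assign(new Error(msg), { name });

class ModelDocument {
  constructor() {
    this.fullyActive = true;
    this.onInactive = new Set(); // callbacks run when the document is detached
  }
  // Models iframe.remove(): the document stops being fully active.
  detach() {
    this.fullyActive = false;
    for (const cb of [...this.onInactive]) cb();
  }
}

class ModelCredentials {
  constructor(doc) {
    this.doc = doc;
    this.activeTypes = new Set(); // stand-in for the "active credential type" state
  }
  // type: e.g. "password"; mediator: async function standing in for the credential UI.
  get(type, mediator) {
    // Check on entry: a reference taken from a removed iframe is refused.
    if (!this.doc.fullyActive)
      return Promise.reject(domError("NotAllowedError", "document is not fully active"));
    // Assumption of this model: one pending request per credential type.
    if (this.activeTypes.has(type))
      return Promise.reject(domError("NotAllowedError", `${type} request already pending`));
    this.activeTypes.add(type);

    let abort;
    const detached = new Promise((_, reject) => {
      // Document goes non-fully-active while the UI is up: tear down and abort.
      abort = () => reject(domError("AbortError", "document became non-fully-active"));
      this.doc.onInactive.add(abort);
    });
    return Promise.race([mediator(), detached])
      .then((credential) => {
        // Recheck after the asynchronous step, before returning a credential.
        if (!this.doc.fullyActive) throw domError("AbortError", "document became non-fully-active");
        return credential;
      })
      // Promise reaction: clear the per-type state on fulfilment and on rejection.
      .finally(() => {
        this.doc.onInactive.delete(abort);
        this.activeTypes.delete(type);
      });
  }
}
```

Without the `finally` reaction, a request aborted by `detach()` would leave its type in `activeTypes` and every later request of that type on the same container would be refused.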